Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 6:13 p.m.9 views

CVE-2026-42947 Naxclow IoT Platform Authorization bypass through User-Controlled key

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS5.5AI score0.00312EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:13 p.m.8 views

EUVD-2026-36531

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:13 p.m.20 views

CVE-2026-42947

CVE-2026-42947 affects Naxclow IoT Platform. A flaw in the onboarding workflow lets an attacker replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account, because endpoints validate request signatures but do not verify legitimate ownership. Practical consequence: a...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48953

Name of the Vulnerable Software and Affected Versions Naxclow Smart Doorbell X3 affected versions not specified Naxclow platform affected versions not specified Description A flaw in the onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to...

8.8CVSS5.3AI score0.00312EPSS
Exploits0References4
Rows per page
Query Builder